From Fedora Project Wiki

No edit summary
 
(23 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Introcuction ==
== Introduction ==


Trusted Boot is a technique...
Trusted Boot is a technique...
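Review bot: the introduction body is still the placeholder "Trusted Boot is a technique..." on both sides of this hunk, while the rest of the page now relies on the terms SINIT ACM, VLP, LCP and MLE without defining them. Finish the sentence here and expand each abbreviation on first use.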
Line 5: Line 5:
== Prerequisites ==
== Prerequisites ==


yum install tboot
    yum install tboot openssl trousers kernel-modules-extra
 
yum install openssl


== Installation ==
== Installation ==


The following will provide a trusted boot setup with checksums on the initramd and kernel.
The following will provide a trusted boot setup with checksums on the initramd and kernel.
=== Take ownership of the TPM ===
    tpm_takeownership -z
=== Ensure Proper SINIT ACM ===
See http://software.intel.com/en-us/articles/intel-trusted-execution-technology
Some hardware platforms include the SINIT ACM in BIOS.  Most do not.  You may download all of the ACM modules into /boot and list them all as modules in your grub.conf.  tboot will pick the right module for your platform.
=== Create VLP ===
In order to create a VLP we need the path to the initial ram disk and kernel, as well as the kernel line in grub.conf.
Create a new verified launch policy.
    tb_polgen --create --type nonfatal vl.pol
Add the kernel hash / grub command to our VLP
    tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$grub_cmdline" --image $kernel_file vl.pol
Add the initramd to VLP
    tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "" --image $initramd_file vl.pol
Hash tboot.gz
    lcp_mlehash -c "logging=vga,serial,memory" /boot/tboot.gz > mle_hash
    lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle_hash
Find your system's pcr values. They may alternatively be in /sys/bus/pnp/devices/00:0a/pcrs
    cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 > pcrs
Create the Launch Policy
    lcp_crtpolelt --create --type pconf --out pconf.elt pcrs
Note: the following command uses a default uuid. You may want to replace tboot with your systems uuid.
    lcp_crtpolelt --create --type custom --out custom.elt --uuid tboot vl.pol
    lcp_crtpollist --create --out list_unsig.lst mle.elt pconf.elt
    openssl genrsa -out privkey.pem 2048
    openssl rsa -pubout -in privkey.pem -out pubkey.pem
    cp list_unsig.lst list_sig.lst
    lcp_crtpollist --sign --pub pubkey.pem --priv privkey.pem --out list_sig.lst
    lcp_crtpol2 --create --type list --pol list.pol --data list.data list_{unsig,sig}.lst
    tcsd
=== Load LCP into TPM NVRAM ===
    lcp_writepol -z -i owner -f list.pol
    lcp_writepol -z -i 0x20000001 -f vl.pol
=== Create new grub.conf entry ===
<pre>
title tboot
    root (hd0,0)
    kernel /tboot.gz loglvl=all logging=serial,vga,memory vga_delay=1
    module /vmlinuz-3.3.4-5.tis.fc17.x86_64 root=/dev/sda3 intel_iommu=on ro
    module /initramfs-3.3.4-5.tis.fc17.x86_64.img
    module /2nd_gen_i5_i7_SINIT_51.BIN
    module /list.data
</pre>
== LCP ==
Add more in depth information about launch control policy here.
== TPM PCRs ==
{|
! PCR !! Values
|-
| 0 || CRTM, BIOS, and Host Platform Extensions
|-
| 1 || Host Platform Configuration (BIOS Data)
|-
| 2 || Option ROM Code
|-
| 3 || Option ROM Configuration and Data
|-
| 4 || IPL Code (usually the MBR)
|-
| 5 || IPL Code Configuration and Data (Partition Table?)
|-
| 6 || State Transition and Wake Events
|-
| 7 || Host Platform Manufactuer Control
|-
| 10 || IMA Measurement List
|-
| 17 || TXT Stuff ?!?!
|-
| 18 || SHA-1 Hash of MLE (Kernel and initrd?  Defined by LCP?)
|}


'''Step 1'''
== Notes ==


Take ownership of the TPM with:
We may need to modprobe tpm --force=1
tpm_takeownership -z
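Review bot: in the Create VLP block, custom.elt is built from vl.pol but never used. The following line passes only "mle.elt pconf.elt" to lcp_crtpollist, and vl.pol is later written on its own to index 0x20000001. Either drop the "lcp_crtpolelt --create --type custom" line or explain when it is needed. Two further points on the same block: tcsd is started only at the end, although tpm_takeownership at the top of Installation already needs the TrouSerS daemon running, so move it up; and privkey.pem, which signs the policy list, is generated in the working directory with no word on where it should be kept afterwards. The page should also state what the "--type nonfatal" policy does when a module fails verification.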

Latest revision as of 15:32, 22 June 2012

Introduction

Trusted Boot is a technique...

Prerequisites

   yum install tboot openssl trousers kernel-modules-extra

Installation

The following sets up trusted boot with checksums on the initramfs and kernel.

Take ownership of the TPM

   tpm_takeownership -z

Ensure Proper SINIT ACM

See http://software.intel.com/en-us/articles/intel-trusted-execution-technology

Some hardware platforms include the SINIT ACM in BIOS. Most do not. You may download all of the ACM modules into /boot and list them all as modules in your grub.conf. tboot will pick the right module for your platform.

Create VLP

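To create a verified launch policy (VLP) we need the paths to the kernel and the initial RAM disk, as well as the kernel line in grub.conf. The commands below expect them in the shell variables $kernel_file, $initramd_file and $grub_cmdline.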

Create a new verified launch policy.

   tb_polgen --create --type nonfatal vl.pol

Add the kernel hash / grub command line to our VLP

   tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "$grub_cmdline" --image "$kernel_file" vl.pol

Add the initramfs to the VLP

   tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "" --image "$initramd_file" vl.pol

Hash tboot.gz

   lcp_mlehash -c "logging=vga,serial,memory" /boot/tboot.gz > mle_hash
   lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle_hash

Find your system's PCR values. They may alternatively be in /sys/bus/pnp/devices/00:0a/pcrs

   grep -e PCR-00 -e PCR-01 /sys/devices/platform/tpm_tis/pcrs > pcrs

Create the Launch Policy

   lcp_crtpolelt --create --type pconf --out pconf.elt pcrs

Note: the following command uses a default UUID. You may want to replace tboot with your system's UUID.

   lcp_crtpolelt --create --type custom --out custom.elt --uuid tboot vl.pol
   lcp_crtpollist --create --out list_unsig.lst mle.elt pconf.elt
   openssl genrsa -out privkey.pem 2048
   openssl rsa -pubout -in privkey.pem -out pubkey.pem
   cp list_unsig.lst list_sig.lst
   lcp_crtpollist --sign --pub pubkey.pem --priv privkey.pem --out list_sig.lst
   lcp_crtpol2 --create --type list --pol list.pol --data list.data list_{unsig,sig}.lst
   tcsd

Load LCP into TPM NVRAM

   lcp_writepol -z -i owner -f list.pol
   lcp_writepol -z -i 0x20000001 -f vl.pol

Create new grub.conf entry

title tboot
    root (hd0,0)
    kernel /tboot.gz loglvl=all logging=serial,vga,memory vga_delay=1
    module /vmlinuz-3.3.4-5.tis.fc17.x86_64 root=/dev/sda3 intel_iommu=on ro
    module /initramfs-3.3.4-5.tis.fc17.x86_64.img
    module /2nd_gen_i5_i7_SINIT_51.BIN
    module /list.data
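
The Create VLP step needs the kernel path, the initramfs path and the kernel command line, and they must match the tboot entry above exactly or the hashes will not verify. The following is an added example, not part of the original wiki page, that derives all three from the entry itself. It assumes that grub paths are relative to /boot and that --cmdline takes the module's arguments without the image path; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a stock entry followed by the page's tboot entry.
SAMPLE_GRUB_CONF='title Fedora
    root (hd0,0)
    kernel /vmlinuz-3.3.4-5.tis.fc17.x86_64 root=/dev/sda3 ro
    initrd /initramfs-3.3.4-5.tis.fc17.x86_64.img
title tboot
    root (hd0,0)
    kernel /tboot.gz loglvl=all logging=serial,vga,memory vga_delay=1
    module /vmlinuz-3.3.4-5.tis.fc17.x86_64 root=/dev/sda3 intel_iommu=on ro
    module /initramfs-3.3.4-5.tis.fc17.x86_64.img
    module /2nd_gen_i5_i7_SINIT_51.BIN
    module /list.data'
BOOT_DIR=/boot   # assumption: grub paths are relative to a separate /boot

# tboot_module N TEXT: print the Nth module line (keyword stripped) of the
# entry whose kernel is tboot.gz; prints nothing if there is no such line.
tboot_module() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "title"  { in_tboot = 0; n = 0; next }
        $1 == "kernel" { in_tboot = ($2 ~ /(^|\/)tboot\.gz$/); next }
        in_tboot && $1 == "module" && ++n == want {
            sub(/^[ \t]*module[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit
        }'
}
# Assumption: the first word is the image, the rest is what --cmdline expects.
module_image()   { tboot_module "$1" "$2" | sed 's/[[:space:]].*$//'; }
module_cmdline() { tboot_module "$1" "$2" | sed 's/^[^[:space:]]*[[:space:]]*//'; }

# Module 1 is the kernel, module 2 the initramfs (order as in the page's entry).
kernel_file()   { printf '%s%s\n' "$BOOT_DIR" "$(module_image 1 "$1")"; }
grub_cmdline()  { module_cmdline 1 "$1"; }
initramd_file() { printf '%s%s\n' "$BOOT_DIR" "$(module_image 2 "$1")"; }

# Refuse to go on when the entry is missing, so an empty path is never hashed.
check_entry() {
    [ -n "$(tboot_module 1 "$1")" ] && [ -n "$(tboot_module 2 "$1")" ]
}

if check_entry "$SAMPLE_GRUB_CONF"; then
    echo "kernel_file=$(kernel_file "$SAMPLE_GRUB_CONF")"
    echo "grub_cmdline=$(grub_cmdline "$SAMPLE_GRUB_CONF")"
    echo "initramd_file=$(initramd_file "$SAMPLE_GRUB_CONF")"
fi
```

On a real system, pass the contents of grub.conf instead of the sample and re-run the tb_polgen commands whenever the kernel, initramfs or command line in the entry changes.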

LCP

Add more in-depth information about the launch control policy here.

TPM PCRs

PCR   Values
0     CRTM, BIOS, and Host Platform Extensions
1     Host Platform Configuration (BIOS Data)
2     Option ROM Code
3     Option ROM Configuration and Data
4     IPL Code (usually the MBR)
5     IPL Code Configuration and Data (Partition Table?)
6     State Transition and Wake Events
7     Host Platform Manufacturer Control
10    IMA Measurement List
17    TXT Stuff ?!?!
18    SHA-1 Hash of MLE (Kernel and initrd? Defined by LCP?)

Notes

We may need to modprobe tpm --force=1